312516 matches found
MAL-2026-10515 Malicious code in nodemon-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...
MAL-2026-10447 Malicious code in remarkable-table (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 464cab930bcf948abf49517f78a3ee1abb8b89c8f9c90f199bd3446c902d8e1e The package's preinstall script runs index.d.js, which reconstructs the identifier 'eval' from a character-code array 101,118,97,108 and base64-decod...
MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...
Malicious code in @nsub/nitxe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16147b7ac55d6c4cc4e042be73e6d49fc7232e8a03f406fecd034cdd27bf0eb The package's declared npm postinstall script collects the installer's username os.userInfo.username, hostname os.hostname, platform, and the entire...
Malicious code in tipsen-poc-again (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...
Malicious code in another-poc-by-tipsen (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1bd73ac39644da27df81fcbc6540647d0f13d77419a07997a8ca0a2baa6164e package.json declares a dependency safe-chain-test sourced from a tarball URL on an anonymous Cloudflare tunnel host...
Malicious code in tipsen-last (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8dda277dd82e1c50906cff18341bb76485eed33ba42d39b228c447514e4081f package.json declares its only runtime dependency "safe-chain-test" as a direct tarball URL on hoped-twice-evaluation-site.trycloudflare.com — an...
Malicious code in abuden222 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c141ada78ccdede0bb49a76d998fcf07eb4cc60c58cce5fdc1b5933b85a817d The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden217 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden226 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden227 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 424eb4c5daef762a3d9dd8a50b397d64812466368d7b044d4f65679e02659d83 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden225 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1055fc13dd3381055731dec99548ae360bcbf6263ffea25b8e89e49f43c9fb05 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden211 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b56fab3567bb384777773b6a1a1793f1842ae69d9937268e4c6d837072f51ac The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1ed9c23f2c82d9e91d783110274aff10788de9e0e9a783964702ea26c7b1cc4 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in abuden230 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2234aab0cda39685bbdd725de23c50e6e6b78ca85d8ae3c48dc0577287406f65 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden214 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bdbebaa72ae71aae5482f3726a6be11649402b33365104e2fbf39f1db624137 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden228 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15ded0c14059932e82f8e56f2b6d6fb13ebe2da3b51d3e17e048044e9266716 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in sixseven10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21936e53270838d4901646de1e1c3eef9212055032d3cead428cbf3bfd60b9ed The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...
Malicious code in abuden220 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5db7640be1dad05b49efcd772335edd1d23af2473f60abc8104719377761f272 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in abuden219 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...